[Oisf-users] Suricata 3.2 segmentation fault

Vieri rentorbuy at yahoo.com
Mon Dec 19 09:15:58 UTC 2016

----- Original Message -----
> From: Andreas Herz <andi at geekosphere.org>
> What distribution are you using?
> Is there a reason why ou have two march set?
> It might be interesting to see if -O2 and -O0 is the real difference

> between the crash and the non-crash version.

I'm using Gentoo and the default CFLAGS on my system is "-O2 -march=i686 -pipe".
The problem is that Suricata's configure script adds -march=native if gccmarch-native is enabled.
So I modified the Gentoo Suricata ebuild like so:

if use debug ; then
myeconfargs+=( $(use_enable debug) )
# so we can get a backtrace according to "reporting bugs" on upstream web site
CFLAGS="-ggdb -O0" econf LIBS="${LIBS}" ${myeconfargs[@]}
# avoid upstream configure script trying to add -march=native to CFLAGS
econf LIBS="${LIBS}" ${myeconfargs[@]} --enable-gccmarch-native=no

NB: as a side note, I don't know why ./configure doesn't add the -march=native when I set the -ggdb and -O0 CFLAGS, but I didn't have the time to fully read the configure script anyway.

The bottom line is that now I have this:

# suricata --build-info
This is Suricata version 3.2 RELEASE
SIMD support: none
Atomic intrisics: 1 2 4 8 byte(s)
32-bits, Little-endian architecture
GCC version 4.7.3, C version 199901
compiled with -fstack-protector
compiled with _FORTIFY_SOURCE=2
L1 cache line size (CLS)=64
thread local storage method: __thread
compiled with LibHTP v0.5.22, linked against LibHTP v0.5.22

Suricata Configuration:
AF_PACKET support:                       yes
PF_RING support:                         no
NFQueue support:                         yes
NFLOG support:                           no
IPFW support:                            no
Netmap support:                          no
DAG enabled:                             no
Napatech enabled:                        no

Unix socket enabled:                     yes
Detection enabled:                       yes

libnss support:                          yes
libnspr support:                         yes
libjansson support:                      yes
hiredis support:                         no
Prelude support:                         no
PCRE jit:                                no, libpcre 8.35 blacklisted
LUA support:                             yes
libluajit:                               no
libgeoip:                                no
Non-bundled htp:                         yes
Old barnyard2 support:                   no
CUDA enabled:                            no
Hyperscan support:                       no
Libnet support:                          yes

Suricatasc install:                      yes

Profiling enabled:                       no
Profiling locks enabled:                 no

Development settings:
Coccinelle / spatch:                     no
Unit tests enabled:                      no
Debug output enabled:                    no
Debug validation enabled:                no

Generic build parameters:
Installation prefix:                     /usr
Configuration directory:                 /etc/suricata/
Log directory:                           /var/log/suricata/

--prefix                                 /usr
--sysconfdir                             /etc
--localstatedir                          /var

Host:                                    i686-pc-linux-gnu
Compiler:                                i686-pc-linux-gnu-gcc (exec name) / gcc (real)
GCC Protect enabled:                     yes
GCC march native enabled:                no
GCC Profile enabled:                     no
Position Independent Executable enabled: no
CFLAGS                                   -O2 -march=i686 -pipe
PCAP_CFLAGS                               -I/usr/include
SECCFLAGS                                -fstack-protector -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security

And a reload (-USR2) now works as expected. No segmentation faults.

Thanks for your time,


More information about the Oisf-users mailing list